It always had a CAPTCHA at sign up. But it is still not enough :/ phpBB's is just normal dark letters with a fuzzy background. Not like other CAPTCHAs that are swirlled, overlapping, different colours, etc.

I doing some modifications but would like not to disclose them since they may be watching

Firestorm ZERO wrote:It always had a CAPTCHA at sign up. But it is still not enough :/ phpBB's is just normal dark letters with a fuzzy background. Not like other CAPTCHAs that are swirlled, overlapping, different colours, etc.

It's been so long since I signed up I forgot

I doing some modifications but would like not to disclose them since they may be watching

Good idea, I didn't want you to reveal what you were doing I was just curious.

That's weird. We never had this problem at TC. I wonder why it happens with this forum. It seems to happen at a lot of PHPbb forums.

Are you able to block sets of IPs from viewing your site? If so, I'd try that. All of our problems with fraud vanished when I blocked various countries in SouthEast Asia from viewing our site. I know that's bad but at one time, we had a serious problem with group of criminals in Southeast Asia. I think they worked from several countries but they were all connected as one big crime ring.

Once I blocked those guys and made the site impossible to crawl for images, I never had problems again.

Well the internet has grown alot since then. Now with Google, just searching for "phpbb" will you give you all the sites with phpbb. Then next, since phpBB's default captcha is 97% breakable (see link in prev. post), a bot just has to automate it. I have prevent this by changing the captcha to a more powerful one.

3 of the 5 spammers didn't bother to activate the account. This is because all they do is put their WWW site to raise their page rank. When google indexes the member list page, they get recorded in google's database. When Google sees that this certain website is heavily linked, they think it is popular, therefore up goes the link. I have now disabled anonymous access to those pages.

I have take other measures as well. I have the IPs but I prefer not to block them unless I really need to.

I still remember when the old forums (asgard's forum) got hacked. I always keep the board up to date. As well check it at least once a day even during work just to make sure nothing bad happened.

I'm still thinking when phpbb 3.0 comes out (in beta 2 I think right now), should I go into it immediately or wait a bit. They will most likely still support the 2.x trunk for a while after the release. But still undecided.